Heartbleed: What Is It And What Should You do About It?

Posted by Harshad

Heartbleed: What Is It And What Should You do About It?

Heartbleed: What Is It And What Should You do About It?

Posted: 10 Apr 2014 08:01 AM PDT

If you see a red, hollow, dripping heart symbol in your news feed, then yes, you’ve probably heard of the latest security breach to hit the Internet: Heartbleed. The security bug that’s compromised the security of accounts on sites like Yahoo, Facebook and even the Canadian Revenue agency has the whole Internet is up in arms. You’ve probably been asked to change your passwords for your emails, online accounts etc, but hold up.


In the midst of all this information, though, it’s can be hard to make heads or tails of what’s going on exactly. What is Heartbleed, exactly? Is it really as dangerous as everyone’s saying? How can you find out if you’re affected? Here’s a quick look at some of the main issues surrounding Heartbleed and what you can do about it.

What Is Heartbleed?

Heartbleed is a bug that affects the OpenSSL service, which is a cryptographic library that’s used to encrypt data on more than two-thirds of all the websites on the Internet. If you’ve ever seen that locked padlock logo in your browser, or visited a site using the https: protocol, then you’re familiar with OpenSSL.

What Heartbleed Can Do

The Heartbleed bug exposes data held in a server’s RAM, meaning just about anyone has access to, and can snoop on Internet traffic, even when it’s supposedly encrypted.

Interlopers, if any, could take advantage of Heartbleed to obtain the keys and data that they’d need to decipher and read all the encrypted data that recently passed through a server.

Is It A Problem?

Given the fact that more than two-thirds of websites and services on the internet use OpenSSL, yes, Heartbleed is quite a major problem. However, it’s important to bear in mind that Heartbleed is not malware or a virus, and thus, a site affected by Heartbleed may not necessarily have had any data stolen. And it’s been around, undetected, since 2012.

Pretty much all forms of personal, encrypted information are vulnerable to Heartbleed. As long as it passes through the OpenSSL protocol, someone could have accessed it illegitimately. Passwords, emails, user names, communications — you name it, it’s probably accessible in some form or another due to Heartbleed.

So, yes, it is a problem.

How To Tell If You’re Affected

While it’s true that not every service has been affected by Heartbleed, it’s still better to be safe than sorry. While you can’t know for sure whether your own data has been compromised, there are a couple of services out there that can help you check whether you’re affected by Heartbleed.

Filippo Heartbleed Test

This Heartbleed test sends out malformed heartbeats to the website of your choice, extracting around 80 bytes of memory as proof. In other words, the test attacks the site much like a hacker would, to test whether the site is vulnerable to Heartbleed.

Filippo Heartbleed Test

LastPass Heartbleed Checker

The LastPass team has also put up a tool for you to check for affected sites. All you have to do is to type in the domain of the website you want to check and then click on See if the site is vulnerable to Heartbleed.

LastPass Heartbleed Checker

What To Do If You’re affected

If from the checks, you’ve found that you have an account on a site that could be compromised by Heartbleed, you have to decide on a course of action. The common wisdom is to immediately change your password, but this advice ignores one crucial fact: there’s no point changing passwords if the site hasn’t been fixed.

Heartbleed, as discussed earlier, isn’t a simple database leak, so simply changing your passwords won’t help if the problem hasn’t been fixed by the site. Some websites and services, such as Google, will have made this clear, but there will definitely be websites that don’t explicitly state whether they’ve rectified the issue on their end.

GitHub List

What you can do now is to use either of the two tools listed above, or check the site to at the GitHub or Mashable lists to see if the service is still vulnerable.

Note that the two tools and the GitHub list don’t differentiate between services that were never vulnerable and services that have been fixed. It’s probably safer that you change your passwords if the site reports as not vulnerable.

Simply taking a break from affected services might help too, since Heartbleed only exposes data that’s in a server’s RAM.

Password Security

While Heartbleed goes beyond just an issue with password security, it’s still a good time to remind ourselves of some of the best ways to ensure the security of online accounts. Yes, there’s more to password security than just changing your password every few months.

While two-factor authentication may not necessarily protect you from Heartbleed, it’s still a great security measure that you should definitely take advantage of on any services that support it.

Two-Factor Authentification

If you’re unfamiliar, two-factor authentification is a way of verifying the identity of a user based on two steps instead of one. In other words, instead of just asking for a username and password, two-factor authentification also requires you to key in a verification code or use a smartphone app to further verify your identity.

Another security measure you should probably take is to use tools to generate and manage passwords for you. The major benefit of these tools is the fact that they will create randomized passwords and manage them for you; no more having to memorize a ton of different passwords or, even worse, use the same password on multiple websites.

Password Generator


Heartbleed is a serious security issue that affects almost everyone on the Internet, and there isn’t much that any of us can do about it. Beyond checking the services we use and changing our passwords if they’ve fixed the flaw, or taking a break and remaining vigilant if they haven’t, it’s really all in the hands of the server administrators. If anything, Heartbleed serves as a reminder that we can never take the security of our personal data for granted.

20 Mind-Blowing & Inspirational Tattoo Sketches

Posted: 10 Apr 2014 06:01 AM PDT

For all inked individuals, tattoos are a means of self expression. Tattooing has been practiced for many years in various parts of the world. The body becomes a canvas for amazing pieces of art in varying sizes and styles. These days tattoos have become more mainstream, and are not just limited to certain socio-economic classes or a certain age.

Choosing a tattoo design for yourself can be a hard task. The design should speak of your style, personality or your dreams and well, it is going to be part of you for a long, long time. In this post, we are showcasing 20 tattoo sketches that have not made the move from paper to skin (or have they?). Perhaps you may be inspired to create your own mind-blowing tattoo version.

Sketches by Nikita Blackbird

Tattoo Sketches by Zoe Mironova

Flowers Butterfly And Moth Sketch For A Tattoo by Ronny-Inked

Skull Roses Paint Trade by jerrrroen

Tattoo – Home Is Where The Anchor Drops! by Marcelo Schultz

Tattoo Sketch by Nikita Gutorov

Pirate Tattoo by Nikolay Kulyakhtin

Tattoo Sketches by Olya Pasia

Sketches by mac wide

Owl Tattoo Design by herrrox

Compass – Fhöbik by Fhöbik Artwork

Skull And Roses by FraH

Sketches Of Tattoos by Masha Kovtun

Tattoo Sketches. Dotwork. by Yaroslav Kirilenko

Sketches by Seva MFN

Sketches by Nikita Blackbird

Super Water by Vitaly Morozov

Dandelion Watercolor by dopeindulgence

Poppy Art Watercolor by dopeindulgence

Swallows Tattoo. My Work, My Sketch by Vika Naumova

Personalize Your Gmail Interface With Gmelius

Posted: 10 Apr 2014 03:01 AM PDT

If you spend a lot of time in Gmail, composing and replying to emails, you’ve probably started wishing that there were certain things you could change in order to improve your Gmail experience. Maybe you miss the old compose window, or maybe you wish that you didn’t have to look at all those ads, or perhaps you’d like the option of tweaking the interface here and there to suit your needs and tastes. Well, you can stop wishing, because Gmelius is here.


Gmelius is a browser extension that aims to provide a cleaner and smarter Gmail experience. It lets you customize the Gmail interface, showing only the elements you need and hiding the rest. Whether you want to reduce clutter or just want to freshen Gmail up, Gmelius is the extension for you.

Getting Started With Gmelius

Gmelius is available for Google Chrome, Mozilla Firefox and Opera. All three versions of the extension should work identically; we’ll be taking a look at the Google Chrome version in this post. Note that you can also download the extension from the official website, which should detect the browser you’re using and offer the correct version for download.

Either way, once you’ve installed Gmelius, you should instantly be taken to its configuration screen. No extra logins or anything of the sort to worry about.

Gmelius Settings

Gmelius Features

As you can see from the configuration screen, Gmelius has a lot of features, grouped into separate categories, that will help you get your Gmail interface just right. We don’t have the space to discuss every single feature in depth, so here’s a quick run-through of the more notable features.

All of the options in the Regain some space in Gmail category have to do with removing certain elements of the Gmail interface, freeing up screen real estate for the important things, namely the emails themselves. Amongst the interface elements you can disable include Ads, the People Widget, the footer, all the chat-related elements and the scrollbar.

Hide Ads

There are also options that can tweak how the Gmail Header works. You can enable things such as an additional button to hide and show the Gmail header bar, the ability to automatically scroll to the top of your inbox by clicking the topmost light grey bar, as well as hide Google+ Activity.

Hide Gmail Header

The Gmail inbox category houses all the features that change the inbox itself. You can enable a subtle row highlight when you mouse over emails, homogenize all incoming emails, add text to and colorize navigation icons as well as restore the old Gmail compose window. Do bear in mind that the old compose window is still in beta, so you may encounter some small bugs here and there.

Old Gmail Compose

Finally, Gmelius also has the ability to add attachment icons to your inbox. By default, the Gmail inbox only shows that there’s an attachment with that small paperclip icon, without showing what sort of attachment it is. Enabling this feature changes this paperclip icon to an icon that matches the type of file that’s attached to the email. More than 40 filetypes are currently supported.

Attachment Icons

Premium Features

Gmelius also includes a few premium features. These features are free to use while the extension is in beta, but expect to have to pay for them once the extension leaves beta.

Premium Features

There are currently two options in the Make Gmail Smarter category. Firstly, you can enable the ability to search Gmail directly from the omnibox or address bar, which is a very handy feature that most will probably find useful. There’s also a feature that that automatically simplifies email addresses, replacing "[at]" and "[dot]" with the more readable "@" and ".", that’s enabled by default.

Gmelius Omnibox Search

There’s also a Print cleaner emails option. This option removes the Gmail logo and modifies Gmail’s printing stylesheet to make your printed emails look more professional. The modified stylesheet also lets you include more text in a single page, quite handy for those really long emails. This feature is also enabled by default.


As you can see, Gmelius is a great solution for anyone who’s not entirely thrilled with the Gmail interface and wants to change things up a bit. Between hiding unused interface elements to tweaking the colors and behavior of the Gmail inbox, Gmelius has probably got you covered. Gmelius is currently free, with no charge for the Premium features yet, but you can donate to the developer if you like the extension.

Myth – Writing CSS of the Future

Posted: 09 Apr 2014 10:01 PM PDT

CSS has introduced a slew of new features such as CSS Gradients, Shadows, Border Radius, and Animation that can all be achieved purely with CSS. There are also several features that have yet to be implemented due tolack of browser support for CSS variables and CSS calc() functions. But if you can’t really wait for the future, let’s check out Myth.

Myth, unlike other pre-processors that invent its own syntax, uses the same syntax as the standard spec. You can use variables, perform mathematical or color operations, and write new CSS properties in its official form. Its goal is to allow developers to write pure CSS, while also be able to utilize future-standard syntax, right now.

Getting Started

To get started, we need to install Myth binary to be able to compile it to the current CSS standard. There isn’t GUI application like Codekit or Koala that supports Myth at the time of writing, so this is the only way to compile Myth into browser-compliant CSS format.

In Terminal, type the following command:

 npm install -g myth 

You can then use this command below, for instance, to compile source.css into output.css.

 myth source.css output.css 

Or, type this to monitor the source.css and compile it to output.css for every change.

 myth --watch source.css output.css 

Myth does not introduce a new extension. It works with .css as shown above.

Writing CSS with Myth

Myth also does not introduce proprietary functions and rules like the other CSS Pre-processors, so you should be able to get used to Myth almost immediately. It is like plain CSS.


Let’s start with Variables. In CSS, a variable is declared, like so:

 :root { var-length: 10px; var-color: #000; } .class { background-color: var(color); width: var(length); } 

Myth compiles this code into browser-compliant format:

 .class { background-color: #000; width: 20px; } 

You can refer to our previous article about Using CSS Variables for more details.

Math Operations

As mentioned, we can also perform mathematical operations with the new CSS3 calc() function. We have also covered this function in our previous article: Using CSS3 Calc Function.

Let’s extend our first example with it:

 :root { var-length: 10px; var-color: #000; } .class { background-color: var(color); width: calc(var(length) / 2); } 

Myth compiles the above codes into:

 .class { background-color: #000; width: 10px; } 

Color Adjustments

Myth also supports some color operations or adjustments like in LESS or Sass. A new standard function for it is proposed to be included in CSS spec named color() — including a set of color-adjusting functions such as tint(), shade(), and blend() just to name a few.

Below is one example: we increase the background color’s lightness by 80% and decrease the border color by 50%.

 :root { var-length: 20px; var-black: #000; var-white: #fff; } .class { background-color: color(var(black) lightness(+ 80%)); border: var(border-width) solid color(var(white) lightness(- 50%)); width: calc(var(length) / 2); } 

That code will produce:

 .class { background-color: rgb(204, 204, 204); border: 2px solid rgb(128, 128, 128); width: 10px; } 


Myth will also automatically add vendor prefix to CSS properties. We can simply write, for instance, CSS Box Shadow, this way:

 .class { box-shadow: 2px 1px 0px var(black); } 

The output is:

 .class { -webkit-box-shadow: 2px 1px 0px #000; box-shadow: 2px 1px 0px #000; } 

Final Thought

I love the idea of Myth. With it, we can write pure CSS of the future today without worrying about browser support. And since it uses the standard syntax, later when all browsers have implemented it (as the standard), we won’t need to rewrite all the code. I think I’m going to start using it in every one of my future projects. What about you? Will you adopt the same?


Post a Comment